Metadata at May 21, 2025
Last Updated
Published Apr 15, 2025
Service
Tag
MC1055557 - SharePoint Online: Content Security Policy Control in Tenant Administration
Message Center
What changed since this version
Updated May 21,June 11, 2025: We have updated the contenttimeline below. Thank you for your patience.
SharePoint Online Tenant Administrators can now allow script sources for modern pages in SharePoint sites. This feature is particularly useful in scenarios where modern pages have custom code that loads scripts (e.g., TypeScript code) from external sources like a content delivery network (CDN). SharePoint will now report to administrators where sources that have not been allowed are loaded from, providing a way for administrators to identify those sources and take action. Tenant Administrators can also enforce browsers to only load scripts from allowed sources. This behavior can be enabled using SharePoint Online Management Shell.
When this will happen:
Targeted Release: We will begin rolling out on late March 2025 and expect to complete by early April 2025.
General Availability (Worldwide): We will begin rolling out on late April 2025 and expect to complete by late April 2025.
General Availability (GCC, GCC High, DoD): We will begin rolling out on late April 2025 and expect to complete by earlylate June 2025 (previously mid-May)early June).
How this will affect your organization:
Tenant Administrators will have the option to control and govern where custom code loads scripts and, if needed, enforce browsers to only load scripts from trusted sources. A new "Trusted script sources" page will give administrators control over which source can be trusted to load scripts.
What you need to do to prepare:
Snapshot from May 21, 2025
Updated May 21, 2025: We have updated the content Thank you for your patience.
SharePoint Online Tenant Administrators can now allow script sources for modern pages in SharePoint sites. This feature is particularly useful in scenarios where modern pages have custom code that loads scripts (e.g., TypeScript code) from external sources like a content delivery network (CDN). SharePoint will now report to administrators where sources that have not been allowed are loaded from, providing a way for administrators to identify those sources and take action. Tenant Administrators can also enforce browsers to only load scripts from allowed sources. This behavior can be enabled using SharePoint Online Management Shell.
When this will happen:
Targeted Release: We will begin rolling out on late March 2025 and expect to complete by early April 2025.
General Availability (Worldwide): We will begin rolling out on late April 2025 and expect to complete by late April 2025.
General Availability (GCC, GCC High, DoD): We will begin rolling out on late April 2025 and expect to complete by early June 2025 (previously mid-May).
How this will affect your organization:
Tenant Administrators will have the option to control and govern where custom code loads scripts and, if needed, enforce browsers to only load scripts from trusted sources. A new "Trusted script sources" page will give administrators control over which source can be trusted to load scripts.
What you need to do to prepare: